2

这是我的场景,我想连接到 ldap usign jndi,我正在使用读取信任库和密钥库的自定义 SSLSOcketfactory。上下文创建成功,但是当我尝试使用相同的凭据进行身份验证时,它会抛出一个错误,指出不支持身份验证方法。

这是我的自定义 ssl 套接字代码 -

try {
    StringBuffer trustStore = new StringBuffer("c:/Temp/certs/TrustStore");
            StringBuffer keyStore =  new StringBuffer("c:/Temp/certs/keystore.arun");
    StringBuffer keyStorePass = new StringBuffer("xxxxx");
               StringBuffer keyAlias = new StringBuffer("user");
        StringBuffer keyPass =  new StringBuffer("XXXX");

            TrustManagerFactory tmf =TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

    FileInputStream fis = new FileInputStream(trustStore.toString());
    KeyStore ks1 = KeyStore.getInstance("jks");
    ks1.load(fis, trustStorePass.toString().toCharArray());
            fis.close();
    tmf.init(ks1);
    TrustManager[] tms = tmf.getTrustManagers();
    FileInputStream fin = new FileInputStream(keyStore.toString());
    KeyStore ks2 = KeyStore.getInstance("jks");
    ks2.load(fin, keyStorePass.toString().toCharArray());
    fin.close();
    KeyManagerFactory kmf =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks2, keyStorePass.toString().toCharArray());
    KeyManager[] kms = kmf.getKeyManagers();
    if (keyAlias != null && keyAlias.length() > 0) {
            for (int i = 0; i < kms.length; i++) {
                // We can only deal with instances of X509KeyManager
                if (kms[i] instanceof X509KeyManager)
                    kms[i] = new CustomKeyManager(
                            (X509KeyManager) kms[i], keyAlias.toString());
            }
        }

SSLContext context = SSLContext.getInstance("TLS");
    context.init(kms,tms, null);
    ssf = context.getSocketFactory();
 } catch (Exception e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}
}

  public static SocketFactory getDefault() {

    return new CustomSSLSocketFactory();
}

使用这个 CustomSSLSocketFactory 的 jndi 代码如下

    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldaps://wx64ads01a.vapps.esca.com:636");
    env.put(Context.REFERRAL, "follow");
env.put("java.naming.ldap.derefAliases", "always");
env.put("java.naming.ldap.factory.socket","com.eterra.security.authz.dao.CustomSSLSocketFactory" );

try {
    ctx = new InitialLdapContext(env, null);
// start ssl session for server authentication
    }catch(Exception e ){
    System.out.println(e);
}
    try{
ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION,
                    "EXTERNAL");
    String path = "CN=domain,DC=casa,DC=com"
    String inFilter = "(&(objectClass=*))";
     SearchControls sc = new SearchControls();
sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration<SearchResult> results = null;

results = ctx.search(path, inFilter, sc);
  }

我的上下文创建得很完美,但是当我尝试验证并绑定到 ldap 时,我得到了 Invalid Authentication method 。任何帮助将不胜感激,现在很长一段时间以来一直在努力解决这些错误。提前致谢 。

4

1 回答 1

0

Context.SECURITY_AUTHENTICATION, "外部"

当我尝试验证并绑定到 ldap 时,我得到 Invalid Authentication method

所以你的 LDAP 服务器不支持外部身份验证。

于 2012-10-24T04:58:30.780 回答